post written by: Marc Chernoff
6 Digitally Traceable Tracks We Unconsciously Leave Behind
We live in a world of constant connection where the products of our existence interrelate in such a way that we rarely leave a clean slate behind us. Many people fail to see the correlation between technological convenience and disruption of privacy. Even when nobody is watching, it is quite plausible that a computer somewhere is. The data tracks we leave behind are traceable, and when the dots are connected, the trail leads right back to us.
I have compiled a list of 6 digitally traceable tracks we unconsciously leave behind as we trek through our daily routines. I have also included a hypothetical example of how easy it can be to track someone down online by tracing their online affiliations and dabbling with the information that is found.
1. Username or Alias – While passwords are always private, usernames are generally available to the public. Many people use the same username on every single digital account they access. Likewise, many usernames also double as online aliases used for identity on various searchable social media sites, discussion forums, etc. This means that you can Google someone’s username, discover other websites where they’ve used it, and see if any of these other sites publicly associate an email address with the username. The email address can then be Google’d in an effort to uncover the real name of the individual who owns it. Another option would be to send the person a well crafted email in hopes that that they will reply from an email client that includes their real name in the headers.
2. IP Address - When you connect to the Internet you are assigned a unique Internet Protocol (IP) address that allows your computer to communicate with others. Unless you use an anonymizing service such as Tor, or a free anonymous web proxy, your IP address is fairly easy to trace. Your IP address is logged by every web server you visit and associated with every email you send. There are numerous websites that offer free IP lookup services capable of telling someone the city, state and Internet service provider for any given IP address. How do you think the RIAA tracks down all those vicious (just kidding) 14 year old peer to peer music pirates?
3. Mobile Phone Transmission - As you drive around town chatting on your mobile phone your signal is being handed off from one mobile phone tower to the next. Most urban areas have several towers serving the vicinity. If you are near at least three towers your exact whereabouts can be pinpointed to within a few hundred feet via a measurement process called triangulation. Your location can usually be measured within a mile or so even in rural areas lacking three available towers. Many large service providers make these capabilities widely known. Sprint/Nextel calls it “Mobile Locator“. Newer phones that include GPS capabilities can make the tracking process even easier.
4. Vehicle Telematics and GPS Monitoring – These systems are used for a variety of purposes including, but not limited to, stolen vehicle tracking, emergency collision notification, mechanical diagnostics reporting, and driver navigation assistance. General Motors’ OnStar service is one of the more mainstream examples of a vehicle telematics system. OnStar can instantly transmit detailed vehicle data back to their support center, including information about the mechanical condition and exact location of the vehicle. Advocates say vehicle telematics systems provide an essential driver security service. Critics say it’s a major privacy concern, comparing it to that of “Big Brother” tracking your every move. One thing is for sure, with vehicle telematics you’re leaving digital tracks everywhere you go.
5. Public Transit Cards - Most urban areas with public transit systems now rely on some form of passenger payment card to keep track of passenger fares. Each card is equipped with a data strip and serial number unique to that specific card. The transit computer systems use the serial number and data strip to keep track of the prepaid fare balance on each card. Frequent passengers typically recharge the dollar balance on their transit cards automatically via a credit card, thus tying the passenger’s full name and credit info to the unique serial number on their card. When a passenger swipes their transit card to board a public transportation vehicle the location and timestamp are recorded in the transit system’s computer database. Although access to these records is restricted, police often use them to tie criminals to the time and place of a crime.
6. Malware - Malware (also called spyware or adware) is a generalized term describing computer software programs that automatically download and install themselves onto your computer without your permission or knowledge. Much like a Trojan horse, malware can be hidden on malicious web pages or within other computer programs. A user is infected when they use the web page or infected application. The most common kind of malware will keep track of the websites you visit in order to target relevant pop-up ads to display on your computer as you browse the web. Many of these same malware applications will also send your web browsing habits back to the creators for statistical evaluation purposes. There are also more ruthless malware Trojans that record your keystrokes, steal your passwords, and even allow your computer to be remotely controlled by a computer cracker’s botnet. If you’re not using a decent anti-malware suite your computer could be silently spilling your every move to the bad guys.
BONUS: Tracking Someone Down Online – I thought it would be fun to give a brief example of how a complete stranger could track someone down using the seemingly innocuous data we all regularly leave behind online. I’m not suggesting that anyone should actually do this; it would be pretty darn creepy and stalker-like. The point here is not to create paranoia, but to instead spread awareness. Most people don’t realize how easy it is phish out pieces of information online and connect the dots. Consider the following hypothetical scenario:
You’ve been chatting online with someone via MySpace for a couple of weeks now. You decide you want to find out more about them. Without asking them any personal questions, you take the following steps:
- You type their exact MySpace username/alias into Google. Google returns a variety of results including a series of posts on a discussion board forum. The discussion board has a user profile page that displays basic information on the user including the user’s email address.
- You could now Google the email address, but instead you decide to run it though the Flickr Friends search tool. This tool will tell you if a Flickr account has been opened using a specific email address. Flickr is a popular photo sharing site. Lo and behold, an account exists that matches the email address.
- You visit the user’s Flickr page which has various photo galleries of people at social gatherings. After awhile you find a photo tagged with captions from a first-person perspective. The caption clearly indicates which person in the photo owns the gallery, whom also happens to be the target you’re tracking down. Now you know what they look like. Hmmmm…. interesting.
- You create a free Gmail account with a username similar to one of the aliases found on either your target’s MySpace friends list or their Flickr contacts list. You craft a well written email to the target claiming to be the person whose alias you stole. The goal is to get the target to reply to your email. This email also contains an HTML embedded photo that you placed in a very obscure place on your public web server. You placed it in an obscure place so that no body else would accidentally find it.
- Your target checks the email and believes that you probably are who you claim to be, so they happily reply. The email they send back to you has a “From:” header that includes their full name. In the process of checking the email they also opened/accessed the random embedded photo housed on your web server. You check your web server logs to see what IP address accessed the photo. (Note: You may also be able to get their IP address from the full headers in the reply email.)
- You take their IP address and plug it into the WhatIsMyIP IP Lookup tool which returns the geographic location and city where their IP address originates.
So let’s recap… You started off knowing only a person’s online alias, but now you know their full name, city and location, email address, and you have their photo. Finding their physical street address at this point is a cakewalk. One could make the argument that not everyone is quite this easy to track down online. But you do have to wonder, how people actually are? I bet there are thousands of them… and I’m also pretty confident that you know a least a few of them personally.
For a great read on computer privacy, also check out:
- How to Be Invisible: The Essential Guide to Protecting Your Personal Privacy, Your Assets, and Your Life (Revised Edition)
- Privacy Lost: How Technology Is Endangering Your Privacy
- Bulletproof Privacy: How to Live Hidden, Happy and Free!